CVE-2018-1000865

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-1000865

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000865.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-1000865

Aliases

GHSA-p4p5-3v2j-w5rv

Downstream

RHBA-2019:0326

Published

2018-12-10T14:29:01.620Z

Modified

2026-05-18T05:50:15.849783103Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy sandbox are installed.

Database specific

{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*"
            ],
            "vendor_product": "redhat:openshift_container_platform",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "3.11"
                }
            ]
        }
    ]
}

References

Affected packages

Git / github.com/jenkinsci/script-security-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/script-security-plugin

Events

Introduced

Last affected

f3e0073b1449a76d1d40c6ae3787681bdb289beb

Database specific

{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.47"
        }
    ]
}

Affected versions

script-security-1.*

script-security-1.0

script-security-1.0-beta-1

script-security-1.0-beta-2

script-security-1.0-beta-3

script-security-1.0-beta-4

script-security-1.0-beta-5

script-security-1.0-beta-6

script-security-1.1

script-security-1.10

script-security-1.11

script-security-1.12

script-security-1.13

script-security-1.14

script-security-1.15

script-security-1.16

script-security-1.17

script-security-1.18

script-security-1.19

script-security-1.2

script-security-1.20

script-security-1.21

script-security-1.22

script-security-1.23

script-security-1.24

script-security-1.25

script-security-1.26

script-security-1.27

script-security-1.28

script-security-1.29

script-security-1.3

script-security-1.30

script-security-1.31

script-security-1.32

script-security-1.33

script-security-1.34

script-security-1.35

script-security-1.36

script-security-1.37

script-security-1.38

script-security-1.39

script-security-1.4

script-security-1.40

script-security-1.41

script-security-1.42

script-security-1.43

script-security-1.44

script-security-1.45

script-security-1.46

script-security-1.47

script-security-1.5

script-security-1.6

script-security-1.7

script-security-1.8

script-security-1.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000865.json"